This listing of claims will replace all prior versions, and listings, of claims in the 
application: 

LISTING OF THE CLAIMS: 

1 . (Currently Amended): A user authentication method, whereby a one-way function F, 
which should satisfy satisfying a relation v = F(g, -s), is determined by employing an 
integer g that is defined in advance for a relation between a public key v and a secret key 
s of a prover computer, and whereby a relation is verified between said prover computer 
and each of multiple verifier computers, comprising the steps of: 

said prover computer generating a random number a, obtaining a cryptogram A 
= the function F(g, a), and transmitting said cryptogram A to said verifier computers; 

said verifier computers generating a random number b, obtaining a cryptogram B 
= the function F(g, b) and a cryptogram X = the function F(A, b), and transmitting said 
cryptograms B and X to said prover computer; 

said prover computer determining whether a relation of said cryptogram X = the 
function F(B, a) has been established and generating a random number c when said 
relation has been established, obtaining a cryptogram C - function F(g, c) and a 
cryptogram Y - the function F(B, c), or a cryptogram C = the function F(A, c), a 
cryptogram Y = the function F(X, c) and a cryptogram Z = a function H(a, Y, s), and 
transmitting said cryptograms C and Y or said cryptograms C, Y and Z to said verifier 
computers; and 

said verifier computers, when said cryptogram Y = the function F(C, b) and said 
cryptogram A = a function J(v, Y, g, Z) are established, determining that said relation 
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between said prover computer and said verifier computer is correct. 

2. (Original): The user authentication method according to claim 1, wherein said public 
key v is obtained by employing prime numbers p and q that satisfy (q|p - 1), and by 
defining an element of the order q as said integer g. 

3. (Original): The user authentication method according to claim 1, wherein, by using 
said public key v and said secret key s, said function F acquires a relation v = F(g, -s) = 
g" s mod p. 

4. (Original): The user authentication method according to claim 1, wherein, when a 
relation X = B a mod p is established, said prover computer generates said random 
number c. 

5. (Original): The user authentication method according to claim 1, wherein said 
function H has a relation H(a, Y, s) = a + Ys mod q. 

6. (Original): The user authentication method according to claim 1, wherein said 
function J has a relation J(v, Y, g, Z) = v Y g z mod p. 

7. (Currently Amended): A storage medium on which a user authentication program, 
which is to be read by a prover computer, is stored whereby a one-way function F, 
which should satisfy satisfying a relation v = F(g, -s), is determined by employing an 
integer g, which is defined in advance for the relation between a public key v and a 
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secret key s of said prover computer, and whereby a relation is verified between said 
prover computer and each of multiple verifier computers, said user authentication 
program permitting said prover computer to perform: 

a process for generating a random number a and for obtaining a cryptogram A = 
the function F(g, a), and for transmitting said cryptogram A to said verifier computers; 

a process for receiving cryptograms B and X from said verifier computer, and 
for employing said cryptograms to determine whether a relation a cryptogram X = the 
function F (B, a) has been established; 

a process for generating a random number c when said relation has been 
established; and 

a process for obtaining a cryptogram C - the function F(g, c) and a cryptogram 
Y ~ the function F(B, c), or a cryptogram C = the function F(A, c), a cryptogram Y = the 
function F(X, c) and a cryptogram Z = the function H(a, Y, s); and 

a process for transmitting said cryptograms C and Y, or C, Y and Z, to said 
verifier computers. 

8. (Currently Amended): A storage medium on which a user authentication program, 
which is to be read by a prover computer, is stored whereby a one-way function F, 
which should satisfy satisfying a relation v = F(g, -s), is determined by employing an 
integer g, which is defined in advance for the relation between a public key v and a 
secret key s of said prover computer, and whereby a relation is verified between said 
prover computer and each of multiple verifier computers, said user authentication 
program permitting said verifier computers to perform: 

a process for receiving a cryptogram A from said prover computer and for 
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generating a random number b; 

a process for obtaining a cryptogram B = the function F(g, b) and a cryptogram 
X = the function F(A, b), using said random number b and said cryptogram that is 
received, and for transmitting said cryptograms B and X to said prover computer; 

a process for receiving, from said prover computer, a cryptogram C - the 
function F(g, c) and a cryptogram Y - the function F(B, c), or a cryptogram C = the 
function F(A, c), a cryptogram Y = the function F(X, c) and a cryptogram Z = the 
function H(a, Y, s); and 

a process, based on said cryptograms C and Y or C, Y and Z that are received, 
for verifying a relation between said verifier computer and said prover computer when 
two relations of said cryptogram Y = the function F(C, b) and said cryptogram A = the 
function J(v, Y, g, Z) are established at the same time. 

9. (Currently Amended): A user authentication apparatus for a prover computer, 
wherein a one-way function F, which should satisfy satisfying a relation v =F(g, -s), is 
determined by employing an integer g, which is defined in advance, for a relation 
between a public key v and a secret key s of said prover computer, and wherein a 
relation is verified between said prover computer and each of multiple verifier 
computers, said user authentication apparatus comprising: 

transmission means, for generating a random number a and obtaining a 
cryptogram A = the function F(g, a), and for transmitting said obtained cryptogram A to 
said verifier computers; 

reception means, for receiving cryptograms B and X from said verifier 
computers; 
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verification means, for employing said cryptograms B and X to determine 
whether a relation of said cryptogram X = the function F(B, a) has been established; 

cryptogram computation means, for generating a random number c when it has 
been ascertained that said relation has been established, and for obtaining a cryptogram 
C ~ the function F(g, c) and a cryptogram Y - the function F(B, c), or a cryptogram C = 
the function F(A, c), a cryptogram Y = the function F(X, c) and a cryptogram Z = the 
function H(a, Y, s); and 

cryptogram transmission means, for transmitting said cryptograms C and Y or C, 
Y and Z to said verifier computers. 

10 (Currently Amended): A user authentication apparatus for a prover computer 
wherein a one-way function F, which should satisfy satisfying a relation v = F(g, -s), is 
determined by employing an integer g, which is defined in advance, for the relation 
between a public key v and a secret key s of a prover computer, and wherein a relation is 
verified between said prover computer and each of multiple verifier computers, said 
user authentication apparatus comprising: 

reception means, for receiving a cryptogram A from said prover computer; 

transmission means, for generating a random number b, and for employing said 
random number b and said cryptogram A that is received to obtain a cryptogram B = the 
function F(g, b) and a cryptogram X = the function F(A, b), and for transmitting said 
cryptograms B and X to said prover computer; 

cryptogram reception means, for receiving from said prover computer a 
cryptogram C ~ the function F(g, c) and a cryptogram Y ~ the function F(B, c) or a 
cryptogram C = the function F(A, c), a cryptogram Y = the function F(X, c), and a 
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cryptogram Z - the function H(a, Y, s); and 

verification means, for performing a procedure, based on said cryptograms C, Y 
and Z that are received, for verifying a relation between said verifier computers and said 
prover computer when two relations of said cryptogram Y = the function F(C, b) and 
said cryptogram A = the function J(v, Y, g, Z) are established at the same time. 

1 1 . (Currently Amended): A user authentication system comprising a user 
authentication apparatus for a prover computer and a user authentication apparatus at 
each of multiple verifier computers, wherein a one-way function F, satisfying a relation 
v =F( g, -sV is determined by employing an integer g, which is defined in advance, for a 
relation between a public key v and a secret key s of said prover computer, and wherein 
a relation is verified between said prover computer and each of multiple verifier 
computers, said user authentication apparatus for said prover computer comprising : 

th e user auth e ntication apparatus for said prover computer according to claim 9; 

transmission means, for generating a random number a and obtaining a 
cryptogram A = the function F(g, a), and for transmitting said obtained cryptogram A to 
said verifier computers; 

reception means, for receiving cryptograms B and X from said verifier 
computers; 

verification means, for employing said cryptograms B and X to determine 
whether a relation of said cryptogram X = the function F(B, a) has been established; 

cryptogram computation means, for generating a random number c when it has 
been ascertained that said relation has been established, and for obtaining a cryptogram 
C = the function F(A, c\ a cryptogram Y = the function F(X, c) and a cryptogram Z = 
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the function H(a, Y, s); and 

cryptogram transmission means, for transmitting said cryptograms C and Y -er C, 
Y and Z to said verifier computers; 
and 

a plurality of user auth e ntication apparatus e s for said v e rifier comput e rs 
according to claim 10 

said user authentication apparatus for each said multiple verifier computers 
comprising: 

reception means, for receiving said cryptogram A from said prover computer; 

transmission means, for generating a random number b, and for employing said 
random number b and said cryptogram A that is received to obtain a cryptogram B = the 
function F(g, b) and a cryptogram X = the function F(A, b\ and for transmitting said 
cryptograms B and X to said prover computer; 

cryptogram reception means, for receiving from said prover computer a 
cryptogram C = the function F(A, c), a cryptogram Y = the function F(X, c\ and a 
cryptogram Z = the function H(a, Y, s); and verification means, for performing a 
procedure, based on said cryptograms C, Y and Z that are received, for verifying a 
relation between said verifier computers and said prover computer when two relations 
of said cryptogram Y = the function F(C, b) and said cryptogram A = the function Jfe 
Y, g, Z) are established at the same time . 

12. (Currently Amended): A user authentication system, wherein a one-way function F, 
which should satisfy v = F(g 5 -s), is determined by employing an integer g, which is 
defined in advance, for the relation between a public key v and a secret key s of a prover 

q G:\Ibm\105\18418\Amend\18418.aml.doc 



computer, and wherein a relation is verified between said prover computer and each of 
multiple verifier computers, comprising: 

transmission means, for said prover computer, for generating a random number a 
and obtaining a cryptogram A = the function F(g, a), and for transmitting said obtained 
cryptogram A to said verifier computers; 

reception means for said verifier computers, for receiving said cryptogram A 
from said prover computer; 

transmission means for said verifier computers, for generating a random number 
b with which said cryptogram A is employed to obtain a cryptogram B = the function 
F(g, b) and a cryptogram X = the function F(A, b), and for transmitting said cryptograms 
B and X to said prover computer; 

reception means for said prover computer, for receiving said cryptograms B and 
X from said verifier computers; 

verification means for said prover computer, for employing said cryptograms B 
and X to determine whether a relation of said cryptogram X = the function F(B, a) has 
been established; 

cryptogram computation means for said prover computer, for generating a 
random number c when it is ascertained that said relation has been established, and for 
obtaining said cryptogram C ~ the function F(g, c) and said cryptogram Y ~ the function 
F(B, c), or said cryptogram C = the function F(A, c) and said cryptogram Y = the 
function F(X, c), and a cryptogram Z = the function H(a, Y, s); and 

cryptogram transmission means for said prover computer, for transmitting said 
cryptograms C, Y and Z to said verifier computers; 

cryptogram reception means, for said verifier computers, for receiving said 
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cryptograms C, Y and Z from said prover computer; and 

verification means for said verifier computers, for employing said cryptograms 
C 5 Y and Z that are received to verify a relation between said verifier computers and 
said prover computer when two relations of said cryptogram Y = the function F(C, b) 
and said cryptogram A = the function J(v, Y, g, Z) are established at the same time. 

13. (Currently Amended): A computer program product comprising a computer usable 
medium having computer readable program code means embodied therein for causing 
user authentication, the computer readable program code means in said computer 
program product comprising computer readable program code means for causing a 
computer to effect tho perform method steps implemented in the user authentication 
apparatus of claim 9. 

14. (Currently Amended): A computer program product comprising a computer usable 
medium having computer readable program code means embodied therein for causing 
user authentication, the computer readable program code means in said computer 
program product comprising computer readable program code means for causing a 
computer to effect tho perform method steps implemented in the user authentication 
apparatus of claim 10. 

1 5. (Currently Amended): A computer program product comprising a computer usable 
medium having computer readable program code means embodied therein for causing 
user authentication, the computer readable program code means in said computer 
program product comprising computer readable program code means for causing a 
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computer to effect perform method steps implemented in the system of claim 1 1 . 



16. (Currently Amended): A computer program product comprising a computer usable 
medium having computer readable program code means embodied therein for causing 
user authentication, the computer readable program code means in said computer 
program product comprising computer readable program code means for causing a 
computer to effect perform method steps implemented in the system of claim 12. 

17. (Currently Amended): An article of manufacture comprising a computer usable 
medium having computer readable program code means embodied therein for 
implementing a user authentication method, the computer readable program code means 
in said article of manufacture comprising computer readable program code means for 
causing a computer to effect perform the steps [[of]] as claimed in claim 1 . 

Please add new Claims 18-23. 

18. (New): The user authentication method according to claim 1, wherein alternatively, 
said cryptogram C and cryptogram Y functions are defined as: C = function F(g, c) and 
Y = the function F(B, c). 

19. (New): The storage medium according to claim 7, wherein said process for 
obtaining cryptograms C and Y alternatively obtains a cryptogram C = function F(g, c) 
and Y = the function F(B, c). 

20. (New): The storage medium according to claim 8, wherein said process for receiving 
cryptograms C and Y from said prover computer alternatively receives a cryptogram C = 
the function F(g, c) and a cryptogram Y = the function F(B, c). 
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21 . (New): The user authentication apparatus according to claim 9, wherein said 
cryptogram computation means alternatively obtains a cryptogram C = the function F(g, 
c) and a cryptogram Y = the function F(B, c). 

22. (New): The user authentication apparatus according to claim 10, wherein said 
cryptogram reception means receives from said prover computer a cryptogram C = the 
function F(g, c) and a cryptogram Y = the function F(B, c). 

23. (New): The user authentication system according to claim 12, wherein said 
computation means for said prover computer alternatively obtains a cryptogram C = the 
said cryptogram C = the function F(g, c) and said cryptogram Y = the function F(B 5 c). 
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